BGP Prefix Origin AS Validation with RPKI

This topic is to discuss the following lesson:

Hello Dears,

Usually when it comes to RPKI, we just check the online tools such as Routinator as you mentioned to check if the route is valid or not,

Now could you please explain why we need to configure it up in the routers? does it going to help and not advertise those routes when is not valid or not found to the peer routers?

also this shouldn’t be router bgp 12 or it is okay ?

And please why prefix is not found route?

Hello Ahmedlmad

The validity of routes is something that is dynamic, and it can change. Checking the validity of routes on an online tool without any additional action is useful, but information can become out of date. For this reason, by configuring the routers to dynamically check upon the validity of the routes allows for them to get real-time updates to information.

If for some reason a route becomes invalid by not passing the RPKI check, then it can reject the route, log the issue and send alerts to any network monitoring service, and determine alternative routes for the same destinations.

As for the typo in the lesson, you are correct, that should indeed be bgp 12. I’ll let Rene know to make the change.

The reason why this prefix is not found is because it has no route origin authorizations (ROAs) in the Routinator server. You are correct however in the fact that this is not explained further in the lesson. I will ask Rene to clarify this point and to consider modifying the lesson to include this information.

I hope this has been helpful!


1 Like